
Re: [Qemu-devel] old (but unfixed in our clones) qemu security issues?


From: Jan Beulich
Subject: Re: [Qemu-devel] old (but unfixed in our clones) qemu security issues?
Date: Mon, 02 Mar 2015 14:40:39 +0000

>>> On 02.03.15 at 15:18, <address@hidden> wrote:
> On Mon, 2 Mar 2015, Jan Beulich wrote:
>> >>> On 02.03.15 at 15:05, <address@hidden> wrote:
>> > I guess I could monitor cve.mitre.org or the QEMU stable tree for
>> > commits with "CVE" in the commit message, but there isn't much else I
>> > can do.
>> 
>> Yes, I think the latter is (for the time being) the most promising route.
>> Question is how much work it is going to be to find out about past
>> ones.
> 
> I could look at the matching QEMU stable tree for each of our past
> qemu-xen-upstream releases.
> 
> Unfortunately it is going to be an error prone process as QEMU stable
> trees have shorter maintenance cycles compared to Xen Project. I am
> unlikely to find recent CVEs backported to 1.6.x, that is the base for
> qemu-xen in Xen 4.4.

Yeah, I think you'll need to look at all stable trees at least, and accept
that some of the fixes may require extra backporting work.

Jan
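An added example, not part of the original thread and not QEMU or Xen project tooling: one way to carry out the approach discussed above, scanning the commit messages of several stable trees for CVE ids and listing the ones a downstream tree lacks, split by whether the matching base tree carries the fix. The tree names, function names, hashes, commit subjects and CVE ids are constructed; the input is assumed to be the output of `git log --format='commit %H%n%B'`.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)
COMMIT_RE = re.compile(r"^commit ([0-9a-f]{7,40})$")

def cve_commits(log_text):
    """Map CVE id -> commit hashes, from `git log --format='commit %H%n%B'` output."""
    found, commit = {}, None
    for line in log_text.splitlines():
        m = COMMIT_RE.match(line)
        if m:
            commit = m.group(1)
            continue
        for cve in CVE_RE.findall(line):
            hashes = found.setdefault(cve.upper(), [])
            if commit and commit not in hashes:
                hashes.append(commit)
    return found

def triage(downstream_log, stable_logs, base_tree):
    """Return {cve: (status, {tree: [hashes]})} for CVE ids absent downstream."""
    have = set(cve_commits(downstream_log))
    missing = {}
    for tree, text in stable_logs.items():
        for cve, hashes in cve_commits(text).items():
            if cve not in have:
                missing.setdefault(cve, {})[tree] = hashes
    # A fix present in the base tree should apply cleanly; a fix found only
    # in other stable trees is the "extra backporting work" case.
    return {cve: ("in-base-tree" if base_tree in trees else "needs-backport", trees)
            for cve, trees in sorted(missing.items())}

# Constructed sample logs (placeholder hashes, subjects and CVE ids).
STABLE_LOGS = {
    "stable-1.6": "commit aaaa111\ndevice-a: add bounds check (CVE-0000-0001)\n\n"
                  "commit aaaa222\nbuild: fix warning\n",
    "stable-2.1": "commit bbbb111\ndevice-a: add bounds check (CVE-0000-0001)\n\n"
                  "commit bbbb222\ndevice-b: validate length\n\nFixes cve-0000-0002\n\n"
                  "commit bbbb333\ndevice-c: check region (CVE-0000-0003)\n",
}
DOWNSTREAM_LOG = ("commit cccc111\ndevice-c: check region (CVE-0000-0003)\n\n"
                  "commit cccc222\nxen: local change\n")

if __name__ == "__main__":
    report = triage(DOWNSTREAM_LOG, STABLE_LOGS, "stable-1.6")
    for cve, (status, trees) in report.items():
        print(cve, status, trees)
```

Matching on the CVE id rather than the commit hash works across cherry-picks, since the hash changes but the message is kept; a fix whose message never names the CVE is invisible to this scan.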



